GET request schema validation fails on WSO2 API Manager 4.5.0 with parameter passed in query string, JSON parse error #4562

@Draksis-AleX

Description

Context
I am using WSO2 API Manager 4.5.0 to expose an endpoint defined as follows (excerpt from OpenAPI):

/phone-numbers:
  get:
    tags:
      - WhatsApp
    summary: Get a list of phone numbers associated with the accountCode (1 to 1).
    description: Retrieves a list of phone numbers associated with your WhatsApp account.
    operationId: get_phone_numbers
    parameters:
      - name: waCode
        in: query
        required: true
        style: form
        explode: true
        schema:
          type: string
    responses:
      '200':
        description: A list of phone numbers
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/getPhoneNumbersResponse'
      '500':
        description: Error Response
    security:
      - default: []
    x-auth-type: Application & Application User
    x-throttling-tier: Unlimited
    x-wso2-application-security:
      security-types:
        - oauth2
      optional: false

Problem:
When issuing this GET request:

curl --location --request GET 'https://zmessagehub.zucchetti-integration.com/v1/phone-numbers?waCode=zucchetti001' \
  --header 'Authorization: Bearer <ACCESS_TOKEN>' \
  --header 'Accept: */*' \
  --header 'User-Agent: Apidog/1.0.0 (https://apidog.com)'

I receive the following error response:

{
    "code": "400",
    "message": "Bad Request",
    "description": "Schema validation failed in the Request: Unable to parse JSON - Unrecognized token 'zucchetti001': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false')\n at [Source: REDACTED; line: 1, column: 13]."
}

Findings

  • The wire log confirms that the GET request has no body and only the query parameter is sent.
  • No additional mediation policies are active in the API definition.
  • Schema validation is required for POST endpoints, but should not be triggered for GET when no request body is expected.
  • The error arises because the schema validator tries to parse something as JSON (most likely the query string or an empty payload), resulting in a Jackson parse error: Unrecognized token 'zucchetti001'.
  • The OpenAPI definition does not declare a requestBody for GET. Validation should only happen on the parameters, not on a non-existent body.

Expected Behavior

  • Request schema validation should not attempt to parse the query string or an empty body as JSON for GET endpoints without a requestBody.
  • GET requests with proper query parameters should be processed successfully.

Steps to Reproduce

  • Deploy the attached OpenAPI definition on WSO2 API Manager 4.5.0.
  • Enable request schema validation at the API level.
  • Issue a GET request with only a query string (no body).
  • Observe the 400 error and the JSON parse failure in the logs.

Version

4.5.0

Environment Details (with versions)

No response
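
Added example (not part of the original issue and not WSO2 code): a Python illustration of request validation that reads `waCode` according to its declared `type: string` instead of handing the raw value to a JSON parser, and parses a body only when the operation declares a `requestBody`. The `OPERATION` dict is constructed from the OpenAPI excerpt above; all function names are hypothetical and only primitive parameter types are handled.

```python
import json

# Constructed operation mirroring the page's GET /phone-numbers (no requestBody).
OPERATION = {
    "parameters": [
        {"name": "waCode", "in": "query", "required": True,
         "schema": {"type": "string"}},
    ],
}
PRIMITIVES = {"integer": int, "number": (int, float), "boolean": bool}

def naive_coerce(raw):
    """Failure mode: every raw parameter value is treated as a JSON document."""
    return json.loads(raw)

def coerce(raw, schema):
    """Type-aware: only non-string primitives go through the JSON parser."""
    kind = schema.get("type", "string")
    if kind == "string":
        return raw                      # bare text is already a valid string
    if kind not in PRIMITIVES:
        raise ValueError(f"type {kind} is not handled in this example")
    value = json.loads(raw)             # "42" -> 42, "true" -> True
    is_bool = isinstance(value, bool)   # bool is a subclass of int in Python
    if not isinstance(value, PRIMITIVES[kind]) or (is_bool and kind != "boolean"):
        raise ValueError(f"expected {kind}, got {raw!r}")
    return value

def validate_request(operation, query, body=b""):
    """Return a list of validation errors; an empty list means the request passes."""
    errors = []
    for p in operation.get("parameters", []):
        if p["in"] != "query":
            continue
        if p["name"] not in query:
            if p.get("required"):
                errors.append(f"missing required query parameter {p['name']}")
            continue
        try:
            coerce(query[p["name"]], p["schema"])
        except ValueError as exc:       # json.JSONDecodeError subclasses ValueError
            errors.append(f"{p['name']}: {exc}")
    if "requestBody" in operation:      # parse a body only when one is declared
        try:
            json.loads(body)
        except ValueError as exc:
            errors.append(f"body: {exc}")
    return errors
```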
